Preauth: Block cookie?

Hello,

I've been working on a simple ZMS administration interface for our Customer Support department, and one of the big issues is the way the "view mail" system works. Using the official Admin interface or my own hand-crafted SOAP interface, using preauth (clicking "view mail" in the Admin interface) ships the browser to a URL such as "http://webmail.example.com/service/preauth?authtoken=", in which the HTTP header:

Set-Cookie: ZM_AUTH_TOKEN=MY_REALLY_LONG_AUTH_STRING;Path=/

appears. My issue is this: Many of my support agents use a single browser instance to do their jobs (i.e., Firefox with many tabs, etc.). When this "view mail" action happens, it kills their current cookie with the mail server, thus logging them out of their own mail instance.

The best solution here is to somehow tell preauth not to set a cookie, but rather just to set a session. If this isn't possible due to the backend of Zimbra, possibly one could mangle the _name_ of the cookie?

Thanks for all your help ahead of time. As usual, I will post here if I manage to figure this out myself.

I'm going to implement something terrible... What I've done is altered my script to collect the ZM_AUTH_TOKEN, and keep it in a session. Then, the user is forwarded to Zimbra, delegates into the new user and gets a new ZM_AUTH_TOKEN. When the user is done, they click the "logout" button in Zimbra, which forwards them to another script, which restores the user's cookie for the session.

This is a terrible way of doing things, and it's only a fix for my scripts, not for the Zimbra main interface.
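
Added example, not part of the original posts and not Zimbra code: a simplified model of the browser's shared cookie jar showing why the preauth Set-Cookie logs the agent out, how the save-and-restore workaround above behaves, and why a renamed cookie would not collide. The token values, the session dict and the name ZM_AUTH_TOKEN_DELEGATED are constructed or hypothetical.

```python
from http.cookies import SimpleCookie

HOST = "webmail.example.com"      # host from the post's example URL
NAME = "ZM_AUTH_TOKEN"            # cookie name from the post's Set-Cookie header


class SharedCookieJar:
    """Simplified browser cookie store. Every tab shares one jar, and an
    entry is identified by (host, path, name), so a later Set-Cookie with
    the same triple replaces the earlier value."""

    def __init__(self):
        self._entries = {}

    def set_from_header(self, host, header_value):
        parsed = SimpleCookie()
        parsed.load(header_value)
        for name, morsel in parsed.items():
            self._entries[(host, morsel["path"] or "/", name)] = morsel.value

    def get(self, host, name, path="/"):
        return self._entries.get((host, path, name))


def view_mail_collision():
    """Agent is logged in, then 'view mail' preauth fires in another tab."""
    jar = SharedCookieJar()
    jar.set_from_header(HOST, f"{NAME}=AGENT_TOKEN;Path=/")     # constructed value
    jar.set_from_header(HOST, f"{NAME}=CUSTOMER_TOKEN;Path=/")  # constructed value
    return jar.get(HOST, NAME)


def view_mail_with_save_and_restore():
    """The workaround from the post: stash the agent's token in the support
    tool's session, delegate, and put it back on logout."""
    jar = SharedCookieJar()
    jar.set_from_header(HOST, f"{NAME}=AGENT_TOKEN;Path=/")
    session = {"saved_token": jar.get(HOST, NAME)}   # hypothetical session dict
    jar.set_from_header(HOST, f"{NAME}=CUSTOMER_TOKEN;Path=/")
    during = jar.get(HOST, NAME)
    jar.set_from_header(HOST, f"{NAME}={session.pop('saved_token')};Path=/")
    return during, jar.get(HOST, NAME), session


def view_mail_with_renamed_cookie(delegated_name="ZM_AUTH_TOKEN_DELEGATED"):
    """The post's other idea: a differently named cookie does not collide.
    delegated_name is hypothetical; nothing here shows Zimbra supports it."""
    jar = SharedCookieJar()
    jar.set_from_header(HOST, f"{NAME}=AGENT_TOKEN;Path=/")
    jar.set_from_header(HOST, f"{delegated_name}=CUSTOMER_TOKEN;Path=/")
    return jar.get(HOST, NAME), jar.get(HOST, delegated_name)
```

The saved token is a bearer credential for the agent's mailbox, so the model keeps it only in the server-side session and removes it as soon as it is restored.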